Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134
Bug #1847243 reported by
Daniel 'f0o' Preussker
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
High
|
James Page | ||
Rocky |
Fix Released
|
High
|
James Page | ||
Stein |
Fix Released
|
High
|
James Page | ||
Train |
Fix Released
|
High
|
James Page | ||
octavia (Ubuntu) |
Fix Released
|
High
|
James Page | ||
Disco |
Fix Released
|
High
|
James Page | ||
Eoan |
Fix Released
|
High
|
James Page |
Bug Description
Octavia packages in cloud-archive/
Fixes are committed to these versions:
Queens: 2.1.2
Rocky: 3.2.0
Stein: 4.1.0
With backports to:
Pike: Git#2976a7f0f10
Ocata: Git#c2fdffc3b74
Reference:
https:/
CVE References
Changed in octavia (Ubuntu Disco): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → James Page (james-page) |
Changed in cloud-archive: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Worth to notice;
Amphora images built against 4.1.0 will not be able to be booted up from current stein packages unless octavia-worker is also updated to 4.1.0.
Similar issues are to be expected in the other releases.
Train release (5.0.0.0rc1) is also vulnerable and has a fix committed to 5.0.0.0rc2.